MFH: r553061

security/dropbear: change in rc DSS to ed25519 dropbear no longer supports DSS keys, use ed25519 instead. rc file needs to be updated. currently starting dropbear fails with error: % service dropbear start ... Unknown key type 'dss' ... Submitted by: waitman@waitman.net PR: 250192 Approved by: portmgr (runtime fix)
svn path=/branches/2020Q4/; revision=553062
2020-10-23 00:19:21 +00:00 · 2020-10-23 00:19:21 +00:00 · 3fbc5d0b25 · 2021-03-31 03:12:20 +00:00
commit 3fbc5d0b25
parent c4ba2916a9
2 changed files with 8 additions and 12 deletions
--- a/security/dropbear/Makefile
+++ b/security/dropbear/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	dropbear
 PORTVERSION=	2020.80
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	https://matt.ucc.asn.au/dropbear/releases/

@ -27,7 +27,7 @@ OPTIONS_DEFAULT=	AES128 AES256 CURVE25519 ED25519 GCM GROUP14_SHA256 \
 OPTIONS_MULTI=		ENC KEY KEX MAC MODE
 OPTIONS_MULTI_ENC=	3DES AES128 AES256 CHACHA20POLY1305 TWOFISH128 \
 			TWOFISH256
-OPTIONS_MULTI_KEY=	ECDSA ED25519 DSA RSA
+OPTIONS_MULTI_KEY=	ECDSA ED25519 RSA
 OPTIONS_MULTI_KEX=	CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 \
 			GROUP16
 OPTIONS_MULTI_MAC=	MD5 SHA1 SHA1_96 SHA2_256 SHA2_512
@ -40,7 +40,6 @@ CBC_DESC=		Use CBC mode for ciphers (less secure)
 CHACHA20POLY1305_DESC=	Enable chacha20poly1305-based encryption
 CTR_DESC=		Use CTR mode for ciphers
 CURVE25519_DESC=	Enable Curve25519
-DSA_DESC=		Enable DSA public key support
 ECDH_DESC=		Enable ECDH (insecure)
 ECDSA_DESC=		Enable ECDSA public key support
 ED25519_DESC=		Enable ED25519 public key support
@ -117,9 +116,6 @@ post-patch-GROUP14_SHA256-off:
 post-patch-GROUP16-on:
 	@${ECHO} "#define DROPBEAR_DH_GROUP16 1" >> ${WRKSRC}/localoptions.h

-post-patch-DSA-off:
-	@${ECHO} "#define DROPBEAR_DSS 0" >> ${WRKSRC}/localoptions.h
-
 post-patch-RSA-off:
 	@${ECHO} "#define DROPBEAR_RSA 0" >> ${WRKSRC}/localoptions.h

--- a/security/dropbear/files/dropbear.in
+++ b/security/dropbear/files/dropbear.in
@ -35,12 +35,12 @@ dropbear_keygen()
 		%%PREFIX%%/bin/dropbearkey -t rsa -f ${etcdir}/dropbear_rsa_host_key
 	fi

-	if [ -f ${etcdir}/dropbear_dss_host_key ]; then
-		echo "You already have an DSS host key" \
-		    "in ${etcdir}/dropbear_dss_host_key"
-		echo "Skipping protocol version 2 DSS Key Generation"
+	if [ -f ${etcdir}/dropbear_ed25519_host_key ]; then
+		echo "You already have an ed25519 host key" \
+		    "in ${etcdir}/dropbear_ed25519_host_key"
+		echo "Skipping protocol version 2 ed25519 Key Generation"
 	else
-		%%PREFIX%%/bin/dropbearkey -t dss -f ${etcdir}/dropbear_dss_host_key
+		%%PREFIX%%/bin/dropbearkey -t ed25519 -f ${etcdir}/dropbear_ed25519_host_key
 	fi
 	)
 }
@ -48,7 +48,7 @@ dropbear_keygen()
 dropbear_precmd()
 {
 	if [ ! -f ${etcdir}/dropbear_rsa_host_key -o \
-		! -f ${etcdir}/dropbear_dss_host_key ]; then
+		! -f ${etcdir}/dropbear_ed25519_host_key ]; then
 		run_rc_command keygen
 	fi
 }